First cut of SASL/EXTERNAL

2025-02-05 13:40:08 +08:00 · 2000-10-31 23:00:35 +00:00 · 2000-10-31 23:00:35 +00:00 · 511a84bc31
commit 511a84bc31
parent a4bc9f82d2
3 changed files with 54 additions and 0 deletions
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@ -655,6 +655,35 @@ ldap_int_sasl_bind(
 	return rc;
 }

+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{
+	int sc;
+	sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+	sasl_external_properties_t extprops;
+    
+	if ( ctx == NULL ) {
+		return LDAP_LOCAL_ERROR;
+	}
+    
+	memset( &extprops, '\0', sizeof(extprops) );
+	extprops.ssf = ssf;
+	extprops.auth_id = (char *) authid;
+    
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+		(void *) &extprops );
+    
+	if ( sc != SASL_OK ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+
 int ldap_pvt_sasl_secprops(
 	const char *in,
 	sasl_security_properties_t *secprops )
@ -954,4 +983,12 @@ ldap_int_sasl_bind(
 	LDAP_SASL_INTERACT_PROC *interact,
 	void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -523,6 +523,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
 	const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));

+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+	LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
 	int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 	 * certificate....
 	 */

+
+	{
+		void *ssl;
+		const char *authid;
+		ber_len_t ssf;
+
+		/* we need to let SASL know */
+		ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+		ssf = ldap_pvt_tls_get_strength( ssl );
+		authid = ldap_pvt_tls_get_peer( ssl );
+
+		(void) ldap_int_sasl_external( ld, authid, ssf );
+	}
+
 	return LDAP_SUCCESS;
 }